HP finally fixes bug affecting hundreds of laptops and PC models

HP EliteBook, EliteDesk and Dragonfly models among those affected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

HPhas released a series of updates aimed at addressing a number of potentially serious security flaws affecting a large number of its computing devices.

First detected in November 2021, themalwareissues affect some ofHP’s most popular brands, including EliteBook notebooks, EliteDesk desktops and its Z1 and Z2 workstations.

The flaws, tracked as CVE-2021-3808 and CVE-2021-3809 and given a high severity rating, could have allowed hackers to gain access to victim devices and run code with Kernel privileges, potentially allowing them to execute any command at a Kernel level.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

HP security worries

In asecurity advisorypublished on its website, HP noted that “potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities”.

The company didn’t go into any specific technical details regarding the issues, but is urging customers to download and update immediately.

However, Nicholas Starke, the researcher who first discovered the flaws, outlined the potential effects that the issues may have had in a bit more detail.

REvil ransomware is officially back, experts claim>Mischievous hackers could use a simple trick to send printers berserk>Criminals are using SEO to boost downloads of malicious PDFs

“This vulnerability could allow an attacker executing with kernel-level privileges (CPL == 0) to escalate privileges to System Management Mode (SMM). Executing in SMM gives an attacker full privileges over the host to further carry out attacks,” Starke noted in a blog post.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

He outlined how a vulnerable SMI handler can be triggered through the Windows kernel driver, with attackers able to trigger remote code execution after finding the memory address of the “LocateProtocol” function and overwriting it with malicious code.

They could then install malware that would be unremovable, even usingantivirusplatforms or an OS reinstall.

Some HP models are able to resist such attacks, Starke added, with the company’s HP Sure Start software able to detect such interference, shutting down the host and urging users to approve a system boot.

The news comes shortly after HP issued patches forfour dangerous vulnerabilitiesaffecting hundreds of itsprintersthat could lead to remote code execution, data theft, or denial of service.

ViaBleepingComputer

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Nokia confirms data breach leaked third-party code, but its data is safe

Best CDN provider of 2024

Audio-Technica AT-LP70XBT vs Victrola Hi-Res Onyx: which is the best Bluetooth turntable?